kcmurphy1
asked on
"You do not have access to this Session"
I have an issue that has been on my network since I believe XP SP2. My issue is with Remote Desktop and my XP Clients. When a PC comes off of a reboot, I am able to log on to that client with a standard user's account. Everything works fine. However, when that user logs off and then trys to log back on, I get the follow message: "You do not have access to logon to this Session". The same thing holds true on all standard users who trys to log on after a remote desktop session. The only exeption to this is administrators to the domain or local machine. This is what I have concluded thus far:
1) The issue is not domain related. There are a few clients that have the same domain group policies but work fine.
2) The issue is not security related. This is because the user is granted permission to log on after reboot
3) The issue is not the calling PC. This is beacuse I am able to access other XP clients without the same issues.
3) The issue is most likely PC Specific: Users who are receive this message are permitted to log on multiple times on other XP Clients.
4) This issue is most likely Win Update Related: All client's behaved well up until SP2 (I believe) and may of had a bad install. (15 of 19 XP clients affected).
5) Ths issue is most likely stem to client not releasing completely from remote desktop session. This would somewhat explain why an admin can log on (just like an over-ride when client is in "Lock Computer" mode), and other users can not.
6) All users discuss have the following GP applied: Access this computer from network, Allow log on through Terminal Services, Allow log on locally.
I have done a great deal of work on this and need anyones help. My hope is that someone else has come across this same issue and knows the fix. Although this is not a mission critical issue, it is a pain in the rear. One last note, this same issue applies to interactive sessions in TS Manager. Whereas, the admin may be able to log on to another user's session for support without Users permission the first time. However, any subsequent requests requires user's permission. Thank you in advance for your assistance
Kevin Murphy
Murph Solutions
1) The issue is not domain related. There are a few clients that have the same domain group policies but work fine.
2) The issue is not security related. This is because the user is granted permission to log on after reboot
3) The issue is not the calling PC. This is beacuse I am able to access other XP clients without the same issues.
3) The issue is most likely PC Specific: Users who are receive this message are permitted to log on multiple times on other XP Clients.
4) This issue is most likely Win Update Related: All client's behaved well up until SP2 (I believe) and may of had a bad install. (15 of 19 XP clients affected).
5) Ths issue is most likely stem to client not releasing completely from remote desktop session. This would somewhat explain why an admin can log on (just like an over-ride when client is in "Lock Computer" mode), and other users can not.
6) All users discuss have the following GP applied: Access this computer from network, Allow log on through Terminal Services, Allow log on locally.
I have done a great deal of work on this and need anyones help. My hope is that someone else has come across this same issue and knows the fix. Although this is not a mission critical issue, it is a pain in the rear. One last note, this same issue applies to interactive sessions in TS Manager. Whereas, the admin may be able to log on to another user's session for support without Users permission the first time. However, any subsequent requests requires user's permission. Thank you in advance for your assistance
Kevin Murphy
Murph Solutions
ASKER
Thanks for the reply. Yes and Yes. I use GPMC and love it.... but it provides me no insight. Also, there is nothing that comes up in the logs as well (except log of the error). However, if you know of a specifiic log type of audit setting that I should do, I will try it. Needless to say, this is wiered. Even talked to MS about it, and they did not know what the issue was.
I had same problem with Server 2003
Most PC give me same issue : -> upgrading from XP Home to XP Pro using XP Upgrade.
Some of PC Fix the problem by Unjoin from domain - > Uninstall SP2 (if SP2 is installed) -> Rejoin to domain -> reinstall SP2
Some of PC fix the problem by Clean Install.
Cause: -> (My Theory only)
Remote session never disconnect from Use PC. -> Thats why you have to reboot, even Admin can relog in via RDC without reboot.
Most PC give me same issue : -> upgrading from XP Home to XP Pro using XP Upgrade.
Some of PC Fix the problem by Unjoin from domain - > Uninstall SP2 (if SP2 is installed) -> Rejoin to domain -> reinstall SP2
Some of PC fix the problem by Clean Install.
Cause: -> (My Theory only)
Remote session never disconnect from Use PC. -> Thats why you have to reboot, even Admin can relog in via RDC without reboot.
ASKER
Honestly, I was really affraid that you would say that. I am not looking forward to a reinstall or just unload / reload SP2..... That is because I have at least 15 clients that are acting up like this. I was hoping it was something in regedit... ;-) I do agree with you that its just not "hanging up" after Remote Desktop log off. The only reason why I have reinstalled is because unlike you, I do not have a consistant pattern.... some Upgrade from win2k, some XP and even some purchased with XP SP2. Some were SP2 were installed before joining and other after joining.....Do anyone know of a good registry tool that analysis a system, and better yet compares two systems? There has to be some other solution (although I do think your solution will fix a few pcs, I assume) Any other ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will try that and let you know if I have any better luck. I too thought I was the only one and it is nice to hear that I am not crazy. It may be a few days before I can get in to play around. If anyone else has experienced this problem and found a type of fix (even if it is the same as xrok), please let us know. Thanks xrok for your comments, I will get back to you.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well, thank you everyone for your assistance. Althought I am still a little uncertain as to the true reason for my issue, I did find a few ways to fix it or at least a work around. Below are the steps that I would recommend people take, please check whether it works after each change, thereby avoiding more work for yourself.
1. If you use "remote desktops manager", right-click on the workstation/server that you are trying to connect to and select options. Uncheck (if checked) the "Connect to console" box. Click ok. disconnect from the remote computer and reconnect.
2. If that does not fix things, I added the "domain users" to each local machine's remote desktop users.
- go to the PC that you wish to connect to.
- open the users folder on that pc (with administrators rights)
- Click the advanced tab and then click on the "advanced" command button to open "Local Users and Groups"
- select "groups" in the left window and then double click on "Remote Desktop Users"
- In the properties page, click on "add".
- type "domain users" and click ok.
- close out of all windows and log off....
I hope this helps others with this issue. I know that I did not like having to deal with it.
1. If you use "remote desktops manager", right-click on the workstation/server that you are trying to connect to and select options. Uncheck (if checked) the "Connect to console" box. Click ok. disconnect from the remote computer and reconnect.
2. If that does not fix things, I added the "domain users" to each local machine's remote desktop users.
- go to the PC that you wish to connect to.
- open the users folder on that pc (with administrators rights)
- Click the advanced tab and then click on the "advanced" command button to open "Local Users and Groups"
- select "groups" in the left window and then double click on "Remote Desktop Users"
- In the properties page, click on "add".
- type "domain users" and click ok.
- close out of all windows and log off....
I hope this helps others with this issue. I know that I did not like having to deal with it.
it's just wierd this is taking effect AFTER the admin's run up a remote desktop session..
have you also looked at the pc's event logs after one of your admin logons & a user's "attempted" logon? Anything show up?